Channel: Symantec Connect - Endpoint Protection - Discussions

Cloud files cause Outlook add-in to crash

I need a solution

All of our users have build 14.0.2332.0100.  We run Outlook 2016 with our email hosted through Office 365 (some with standalone and some with click-to-run version of the Office suite).  For certain users, any time they try to click on an attachment that is a link to a shared web file, Outlook crashes, and they get the message that the Symantec Endpoint Outlook Protection caused the program to crash.  With the add-in disabled, they can access the shared file without issue.  Any suggestions?  It does not appear to be related to the Office install.


SEP 14.x GUP

I need a solution

Hi all,

This is my first posting here so please forgive me if I am not following observed procedures.

We are managing a Symantec infrastructure composed of SEP 12.1.X managers and clients. We are providing updates to remote locations using GUP systems (as said, 12.1 clients).

Next week we are going to migrate the SEP manager servers to version 14 and I want to be sure of the following in order to prepare a migration plan for all clients:

1. Is a SEP 12.1 GUP client able to provide updates to SEP 14 clients?

2. Is a SEP 14 GUP able to provide updates to SEP 12.1 clients?

I have been trying to find answers to these questions without any success. In the end, I have decided to post these questions here just in case someone could help.

Thank you very much in advance to everyone for your help.

Ciao

FJBR


Sep services stops automatically

I need a solution

Hi,
It's a customer environment.

I have two SEP clients installed on Server 2008 R2 Standard Edition.
I observed that the client service stops automatically and randomly (no time frame).

SEP 14 MP1 is installed on all Server 2008 Standard editions, but these two systems are getting affected like this.

I have asked them to enable tamper protection. But what could be the reason for this behavior?


SQL 2012 configuration problem with SEPM 14MP1 after the upgrade

I need a solution

Hello,

Before upgrading my secondary SEPM 12.1.6MP4 server, I removed the replication between this server and another, primary replication server.

Now, when I try to finish the configuration, an error message is displayed.

Please find the error message attached.

Please guide me on how to resolve this problem.

Regards,


Found questionable things in exclusions

I need a solution

In my workplace we are using Symantec Endpoint Protection on the latest version of 12 with up-to-date definitions. I recently discovered a workstation with an unknown background process. This is more than a little suspicious, as upon researching it turns out to be associated with software aimed at illegally circumventing proper activation of MS products.

I found that this had been detected, quarantined, but then somehow restored. Even more surprising was the fact that this executable and other detected files had all been added to the exclusion list to avoid re-detection.

Did this executable restore and then exclude itself? Would this have had to be restored and excluded manually? I am very concerned about the safety of our network environment.

Any insight anyone could offer is greatly appreciated!


SEP 14 freezes and does not open on Terminal Server 2012 R2

I need a solution

Hello,

Content install failed on the client

Product: SEPC Iron Whitelist 14.0
Version: MicroDefsB.CurDefs
Language: SymAllLanguages
Moniker: {EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}
Sequence: 170414003
Publish Date: 14 Nisan 2017 Cuma
Revision: 003

After getting this error, it either becomes self-managed or freezes and will not open at all.


Change status to self-managed terminal server 2012 r2 sep 14

I need a solution

Something happened and then the SEP client changed to self-managed status until I restart the terminal server.

This error message

Content install failed on the client

Product: SEPC Iron Whitelist 14.0
Version: MicroDefsB.CurDefs
Language: SymAllLanguages
Moniker: {EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}
Sequence: 170414003
Publish Date: 14 Nisan 2017 Cuma
Revision: 003

happened sometimes. Maybe these are connected problems.


SEP 14 Agent missing after restart

I need a solution

Hello all,

Has anyone come across an issue where the SEP 14 MP1 client installs successfully, but after a reboot of the machine, the client isn't there?

I can see the service but it does not start and issuing the smc -start command says file not found. From SymDiag I see that it says that there is an unexpected installation.

I don't see any logs or any software that may be causing the program to go away.

Any help is appreciated.

Thanks,


SEPM agent fails to install on Win10 via MDT......installs fine manually

I need a solution

I'm using Symantec Agent 12.1.6 MP7 in my MDT Task sequence, which simply runs "setup.exe /s"

In the MDT logs, it shows that the app installed successfully with return code 0.  However, on the computer itself I see in the sidebar "Symantec Endpoint Protection doesn't work on this version of Windows."

Then I try to install it manually using the same command line and it works fine. 

I'm at a loss as to how to troubleshoot this, since no local Symantec logs are generated and MDT thinks it's working fine.  Is there anything I can try?


NSA Malware Detection

I need a solution

Hello,

Recently we saw some news about some NSA Malware that contained a bunch of malicious files (OddJob, EasyBee, EternalRomance, FuzzBunch etc) and hacking tools.

Does Symantec Endpoint Protection have definitions to protect against these? Are they even considered malicious?

Microsoft says that Windows updates already have a fix for the same. Any comments from Symantec on the same?

Thanks,


Symantec Manager Console obsolete client question

I need a solution

I have my console set to the default of automatically removing clients after 30 days of not contacting the server. If I have a client that has been offline/travelling for say 35 days, the computer should be purged from the console. Now say on the 36th day they reconnect that computer to the network and connect to the Symantec server. Will the console automatically recreate the computer account for that computer based off of the hardware ID, so that it begins showing up again in the console, or are there steps I need to do to bring it back online?

Thanks


wax####.tmp Security Risk Found Alerts

I need a solution

Hi,

A couple of months ago, Symantec Endpoint Manager (SEM) sent us mail alerts about wax####.tmp files (#### = 4-character random strings), and these kinds of reports are still being sent to us.

Alerts are being sent from both servers and clients. All the wax.tmp files' hashes are different from each other, but the file path is the same (c:\windows\temp\...). When we upload the files to VirusTotal, only Symantec describes them as malware (1/56).

Report file looks like:

At least one security risk found:
Risk name: Heur.AdvML.B
File path: c:\windows\temp\wax2342.tmp 
Action taken on risk: Cleaned by deletion 

I have searched many websites related to this issue, but we haven't got correct answers. Why do we get these kinds of alerts, and how can we find the root source of this problem? Could it be a false positive?

All help is appreciated. Thanks a lot.


File system autoprotect not functioning correctly

I need a solution

Hello,

On one PC that has "Symantec Endpoint Protection" installed, I get this message: "File System Auto-Protect is not functioning correctly".

The option File System Auto-Protect is set to "enabled".
There is a yellow dot on the SEP icon.

How can I solve this?

Thank you so much for your help.


Install MP7 in Win 10.0.15063

I need a solution

How to install or when is MP8 due out?

I need the fix now.


Restart SEP clients pushed from SEPM causing multiple restarts

I need a solution

Hello,

We wanted to restart all computers in a few groups, so we pushed a command from Symantec manager to restart the clients. However, it is custom, so that users may delay the reboot. We observed that users started complaining that they were asked to reboot their machines again even after they had rebooted them.

What could be the cause, and how can we identify it?


Decommissioning First SEPM In Multi-Server Environment

I need a solution

Here are the stats:

  • 600 clients
  • SQL DB on DB1
  • 2 Management Servers (MS2k3 & MS2k8) running 2003 and 2008 R2
  • Management Servers are set up for load balancing, no replication currently
  • No current requirements for replication, all systems served by primary site.  Future need may be required.
  • Currently installed Version is 12.1.6 RU5

What I am trying to accomplish:

  • Eliminate MS2k3, which was installed ~ 3 years prior to 2k8 server, and add a Management Server running 2012 (MS2012)
  • Perform this elimination gracefully, being able to transition clients off of the MS2k3 and into the current cluster (or at least be able to bring MS2k3 back online with MS2012 still online)
  • Goal is to eventually end with Current Release of 12.1.6 RU7 once the MS2k3 is eliminated, but I have installers for RU5 for new server

I have found and understand how to add MS2012 into the load balancing and to pull MS2k3 out of the load balancing and leave it as a redundant server.  I get that I have to install the same version as currently deployed.

Where I am getting hung up is the decommissioning process of a first installed Management Server (MS2k3).  I am finding information outside of these articles, in forums, that seems to indicate that the first installed server in a cluster (MS2k3 in this case) has some special "halo" around it that can cause some issues if you don't decommission gracefully, but I can't really find any indications in KBs that in a cluster, where all three can be running for a couple of days, this is the case. Of course though, I see some sparks and don't want to set fire to the whole thing, so I am hoping that I can get some clarification on what I have found:

  • Question 1: Is the first installed server truly special?
  • Question 2: A post by Ghent (Symantec Emp) refers to a simple replication process of site partners and distinguishes that from replication partners, but I can not find any mention of site partners outside of that post.  Is Site Partners different from replication partners, and will Site Partners provide me with the expected result?
  • Question 3: I have seen some mentions that if I do this as a replication, then remove the original server, I will get most of the way to my goal, with one issue, if I want replication in the future, I won't be able to use it because I have a broken replication.
  • Question 4: If I go with the Disaster Recovery procedure (suggested as a solution for some questions), it sounds like an either-or situation. Either I have MS2k3 online, or I take a second server, which I also name with the same Host Name / FQDN as MS2k3, with the same IP address as MS2k3, and have that online.  With Disaster Recovery, I am all or none with bringing everyone over to the new server, and it doesn't seem like I can go back if something is off. Is there a way to use DR to reach my intended outcome without going "all the way"?

Risk Notification email excluding IPs?

I need a solution

I have a domain where a lot of the data is confidential (don't we all?). We would like to keep the IP addresses out of the Risk Notification emails that are generated when Symantec sees and cleans a virus (Eicar or whatever). Currently the body of the message has both the IP and the System Name of the SEPM, and the attachment is a .mht file that includes the name and IP address of the infected machine. Is there a way to mask those IPs? And maybe edit the machine names, so that while I understand what machines are an issue, someone off the street wouldn't?

Thank you


Endpoint Protection 12.1.6 MP7 vs V14

I need a solution

Hi There,

I have been handed the task of updating our current Endpoint Protection Solution. This is my first dive into SEP, so forgive me if this is a dumb question.

We are currently running SEPM 12.1.6 RU6 MP6, which apparently will be unsupported in May. I have been tasked with the upgrade and asked to figure out if we should go to 12.1.6.MP7 or V14. I have looked and looked to find what the differences are between the two, but cannot seem to find anything. I am guessing that one may be SEPM on the server side and the other is the client side, but I really have no idea.

If anyone can point me in the right direction, I would greatly appreciate it!

Regards.


SEP clients going offline / Cannot register to SEPM

I need a solution

Hi,

We have 6000 licenses purchased for our SEPM; however, as part of the migration and acquisition of a few companies, the over-deployed licenses have increased the client count, which is 20,000 currently.

When we try to deploy SEP clients from an image, they cannot come online and register themselves with SEPM, and neither can even a few existing SEP clients.

Hence I did a secars test and it was fine. However, I collected a Sylink debug log and found a few entries, below (which may or may not help):

InternetCallback> HttpOpenRequest; Internet status: 60; CtrlBlk: 083114E0
04/18 15:04:25.357 [3312] 15:4:25=>Send HTTP REQUEST
04/18 15:04:25.513 [3236] <InternetCallback> HttpSendRequestEx; Internet status: 100; CtrlBlk: 083114E0
04/18 15:04:25.513 [3312] AH: (InetWaiting) bFinished is TRUE on CtrlBlk: 083114E0
04/18 15:04:25.700 [3236] <InternetCallback> HttpEndRequest; Internet status: 100; CtrlBlk: 083114E0
04/18 15:04:25.731 [3312] 15:4:25=>HTTP REQUEST sent
04/18 15:04:25.731 [3312] 15:4:25=>QUERY return code
04/18 15:04:25.731 [3312] 15:4:25=>QUERY return code completed
04/18 15:04:25.731 [3312] <SendRegistrationRequest:>SMS return=500
04/18 15:04:25.731 [3312] <ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
04/18 15:04:25.731 [3312] <SendRegistrationRequest:>Content Lenght => 531
04/18 15:04:25.731 [3312] <mfn_ReadDataFromServer>Content Lenght => 531
04/18 15:04:25.731 [3312] <mfn_ReadDataFromServer>Got data from server, read bytes=531
04/18 15:04:25.731 [3312] HTTP returns status code=500
04/18 15:04:25.731 [3312] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
04/18 15:04:25.731 [3312] <SendRegistrationRequest:>COMPLETED, returned 5
04/18 15:04:25.747 [3312] HEARTBEAT: Check Point 5.1
04/18 15:04:25.747 [3312] NextProxySetting: Cycled through all proxy settings.
04/18 15:04:25.747 [3312] <RegHeartbeatProc>switch to another server
04/18 15:04:25.747 [3312] HEARTBEAT: Check Point 9
04/18 15:04:25.747 [3312] ResetProxySetting: Will now use proxy setting 1
04/18 15:04:25.747 [3312] HEARTBEAT: Check Point 8
04/18 15:04:25.747 [3312] <PostEvent> going to post event=EVENT_SERVER_DISCONNECTED
04/18 15:04:25.747 [3312] <PostEvent> done post event=EVENT_SERVER_DISCONNECTED, return=0
04/18 15:04:26.261 [3312] HEARTBEAT: Check Point 1
04/18 15:04:26.261 [3312] HEARTBEAT: Check Point 2
04/18 15:04:26.261 [3312] <PostEvent> going to post event=EVENT_SERVER_CONNECTING

But on the same client, where I tried a few troubleshooting steps, the issue didn't resolve; the clients came online by themselves after office hours. Does it really have something to do with concurrent connections or licenses?

Could anyone answer this, please?


Incremental updates

I need a solution

Hi Team,

Please let us know whether there is any option to get daily incremental updates for Symantec client computers which can be pushed/installed as an alternative to our Symantec SEPM server?

Regards,

Anishk
